Home » Local News » IVC Hit With Ransomware Attack; Multiple Systems Impacted and Remain Offline

IVC Hit With Ransomware Attack; Multiple Systems Impacted and Remain Offline

(UPDATE 12:25 p.m. Aug. 11: Imperial Valley College releases a brief press statement with some additional information.)

A ransomware attack unleashed on Imperial Valley College’s computer system on Aug. 6 brought down critical systems that remained offline and will likely continue until further notice, a college spokesperson confirmed.

BREAKING NEWS: IVC Joins SDSU-IV in Not Re-opening In Fall
Imperial Valley College students are shown on campus during the spring 2019 semester. Due to the ongoing threat posed by COVID-19, Imperial Valley College will start the 2020-2021 school year focusing on distance learning and online services to students, a college spokesperson confirmed May 12. | LUIS BURGOS FILE PHOTO

College officials sent out a press release around 11:30 a.m. Aug. 10 saying the college was working on gathering and processing as much information as possible to “better assess what systems and files have been affected.”

-Advertisement-

It's Ok, Seek Help! Get More Information Here

“We are following recommended precautions and protocols to fix the problem and will alert our students, campus and the external community when all systems are back online,” stated Martha Garcia, IVC superintendent and president, in the press release.

The college computer system was shut down as a precaution mid-morning Aug. 6, when ransomware was detected.

The release states that key campus systems remain offline, although it did not specify which systems those are. Additionally, the telephone communications system is down, and, at this time, the college is unable to receive or place calls, the initial release stated. 

“Key student-information systems” remained offline Aug. 11, but no specifics were shared.

“The college continues to experience significant technical issues that have required several of our student-information systems to remain offline. We will notify our student body, campus and the Imperial Valley community when systems are back online,” public information officer Elizabeth Espinoza told the Calexico Chronicle when pressed for further information Aug. 11.

-Advertisement-

The first part of that statement, though, appears to be coming verbatim from a letter sent out to students in an Aug. 9 letter from IVC Vice President of Student Services and Equity, Lennor M. Johnson.

Meanwhile, in an updated statement from the college earlier Aug. 11, Espinoza stated:

“We realize the media has further inquiries, but this is an ongoing investigation; therefore, we are not going to comment beyond the information conveyed. This is a dynamic situation, and our efforts remain focused on taking care of immediate student and employee needs. We will continue to provide public updates accordingly,” she stated.

Among those questions yet to addressed was what was the ransom demand made against the college to restore its systems, how did the malware infiltrate IVC’s systems, and what are the timelines pending to decide whether the start of the fall semester would be affected, or when more information would be provided to the public.

Classes are scheduled to start Aug. 17, and when asked how that might be affected, Espinoza answered:

“We are considering delaying the start date of some courses based on the individual needs of the class and faculty recommendations,” she wrote in the Aug. 11 statement, which does not address when that information might be coming.

Perhaps the largest question looming is whether any personal data of students or staff might have been compromised.

“Regarding information that has been impacted, that is still under investigation. If it is determined that personal identifiable information is involved, we will be notifying the affected individuals as well as the proper authorities,” Espinoza stated in the updated release. 

IVC’s projected fall enrollment is 7,000 students.

Jeffrey Enz, chief technology officer for the college, reported in the Aug. 10 release the college’s entire system was taken offline as a precaution to isolate and prevent the spread of the virus.  

“At this time, IVC’s IT Department continues to work to restore the system but cannot provide a clear timeline as to when systems will be back online until they ensure the spread of the virus has been mitigated. We apologize for any inconvenience this has caused. Please be assured that IVC has taken every step necessary to address the incident. We will keep the community informed as to any additional information we receive,” the release stated. 

Imperial Valley College officials sent a message to students Aug. 9 informing them the school might have been the victim of a ransomware attack on the college’s systems.

“At this time, we believe the campus has been impacted by ransomware. Our (information technology) department and hired (cyber security) consultants are working diligently to restore the programs and files that have been affected,” the letter from Vice President Johnson stated.

Imperial Community College District Area 3 board member Jerry Hart spoke with a reporter from this newspaper Aug. 10 confirming the attack, but he could not confirm what critical systems were taken offline.

“We are trying to resolve an issue with our software that affected our communication and operational process,” Hart said. “We have made efforts to get the things back online as quickly as possible working with a company (firm) who is helping to fix the issue.”

“As soon as we know for sure what is happening, we want to inform our students. We hope to have some concrete information to share with the public by Friday (Aug. 14),” Hart said.

The student registration portal on IVC’s website was down, Hart said. He was not able to confirm rumors that teachers’ ability to turn in grades for summer school had been affected. He also did not know whether personal data had been compromised, how the ransomware might have infiltrated the system, or what was asked for as a form of ransom.

He said more would be announced Aug. 14.

“We want to do right by our students, and this is getting in the way right now, especially now that we are in the pandemic and all classes are online,” said Hart, feeling this would be disheartening for students.

Two of the board members contacted Aug. 10 said they were unaware of the attack. However, Espinoza stated Aug. 11 that all board members were informed of the ransomware attack via email Aug. 9, some three days after it was discovered.

When contacted around 10 a.m. Aug. 10, college board Trustee Father Mark Edney said he knew the school sent out a message about computer problems, but he did not know of a ransomware attack. He said he had been out of town.

Board member Rudy Cardenas wasn’t even aware the letter had been sent out and knew nothing of the situation when contacted Aug. 10.

Meanwhile, the letter stated the “college continues to experience significant technical issues that have required several of our student information systems to remain offline, such as WebSTAR, Canvas, Starfish, Syllabi site, Contact Forms, and DegreeWorks. In addition, our telephone communication system is down and is not able to receive phone calls.

“Being that this is a week before the fall semester, we recognize that this is a critical time for students to finalize their class schedules, complete any required paperwork, finish the financial aid process and work with student services to procure any needed accommodations. We also recognize there are a few of you inquiring about transcripts and other types of documents needed in order to complete transfer requirements,” the letter continued.

The letter from Johnson continued:

“The Student Services department is working to ensure you can contact us while our systems are down:

“First, we encourage all students to check their IVC email daily for updates and direction.

“Second, our webpages will be updated, and we will post scheduled open zoom meetings, where students can log on during the posted hours and ask a faculty or staff member a question. The staff member will either answer the question or refer you to someone who can.

“Third, you can use our chatbox feature: ‘Ask Pepper.’ We are frequently updating the chatbox responses, and questions she cannot answer will be forwarded to a staff member, who will reply.

“Please note: students may experience delays in campus employees responding to inquiries due to these technical issues, but they will do their best to answer all inquiries in a timely manner.

“We sincerely apologize for any inconvenience this may have. I assure you that we will do all we can to mitigate any problems this may cause. If you have any questions, please do not hesitate to contact me directly. I will provide the student body with another update as soon as we have additional information.”

The government of Imperial County was the victim of a ransomware attack in mid-April 2019. It took the county’s website, computer networks and phone and email systems offline for more than a week, a process that was still being played out late into 2019 and some of 2020 as thousands of county computers were upgraded and new security protocols put in place.

Spending $1.9 million in software, hardware and cybersecurity upgrades, the county Board of Supervisors fought back against demands to pay a reported $1.2 million in digital ransom (bitcoin). The board unanimously decided to rebuild its system from the floor up at the time of the attack.

Officials have maintained that no personal information was ever accessed, and that the ransomware did not have “data exfiltration capabilities,” or could not copy or move data off the infected network. That was according to the results of a mid-August 2019 after-action report from county information technology officials and a third-party cybersecurity firm.

The attack was first discovered when county officials noticed the county website offline on April 14, 2019, a Sunday. The ransomware was unleashed in stages after a county employee, and multiple employees thereafter, opened infected attachments in “phishing emails.” That led to what county officials have previously described as a cascading effect of events.